Elastic has released a critical security update for Fleet Server, a key component of its Elastic Agent platform. The update addresses a vulnerability that could lead to the exposure of sensitive information within Fleet policies.
Fleet Server is a core component within Elastic’s architecture that connects Elastic Agents to Fleet. It serves as a scalable control plane, enabling the management of agent policies, status updates, and coordinated actions across large-scale Elastic deployments.
The vulnerability, tracked as CVE-2024-52975 and assigned a CVSS score of 9.0, allows sensitive information to be logged on INFO and ERROR log levels. This information could be accessed by unauthorized individuals, potentially leading to data breaches and other security risks.
“An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled,” the security update explains.
Fleet Server plays a crucial role in connecting Elastic Agents to Fleet, enabling centralized management and control of agent deployments. The vulnerability affects Fleet Server versions from 8.13.0 up to 8.15.0.
Elastic has addressed this vulnerability in version 8.15.0. Organizations using Fleet Server should prioritize upgrading their systems to mitigate the risk of sensitive information exposure.
